package com.example.secudemo.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/product")
@Secured({"ROLE_ADMIN","ROLE_USER"})
public class ProductController {

    @RequestMapping("/findAll")
    @PreAuthorize("hasAuthority('/product/findAll')")
    public String findAll(){
        return "findAll";
    }

    @RequestMapping("/add")
    @PreAuthorize("hasAuthority('/product/add')")
    public String add(){
        return "add";
    }


    @RequestMapping("/delete")
    @PreAuthorize("hasAuthority('/product/delete')")
    public String delete(){
        return "delete";
    }
//    @Secured("ROLE_ADMIN")
//    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @RequestMapping("/update")
    @PreAuthorize("hasAuthority('/product/update')")
    public String update(){
        return "update";
    }
}
